Posted to dev@httpd.apache.org by Paul Querna <ch...@force-elite.com> on 2005/04/21 20:52:45 UTC

RFC: Name Based Virtual Host Callback

I am working on adding TLS 1.1 Server Name Indication (SNI) support to
mod_gnutls[1].  SNI allows a client to say which host name they are
using, inside the TLS handshake, before we decide which certificate to
send. In effect this allows virtual hosting of SSL Sites, with a single
IP Address, removing the traditional requirement for one IP address
per-HTTPS website.

My plan was to require users to set:
NameVirtualHost 1.2.3.4:443

Then iterate the matching virtual hosts, and check if their certificate
matches the one requested via SNI.  If none matched, it would use the
default vhost (and its certificate).

My current problem is, I do not have an easy method for iterating *only*
the matching Virtual Hosts.  I can iterate all of the server_rec by
using the global 'ap_server_conf', but this is less than optimal.

Inside server/vhost.c, the list of all the virtual hosts per-IP/port is
kept in a private structure.  I do not think exposing this private
structure to make it fully public is a good idea.

Instead I have tested a simple callback method, that will only run the
callback for the matching virtual hosts.  Attached is a prototype patch.

This is really an RFC -- I think the callback method is the cleanest,
and requires the smallest code change to expose this information, but I
welcome alternative solutions.

Thanks,

-Paul

[1] - http://www.outoforder.cc/projects/apache/mod_gnutls/
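
The selection logic described in the message above, as an added example that is not part of the original post or of the attached patch: a callback is run only for the virtual hosts on the connection's IP:port, and the first one on that address serves as the default when SNI matches nothing. The `vhost` struct and the names `vhost_iterate_addr`, `sni_cb` and `select_cert` are hypothetical stand-ins, not httpd or mod_gnutls APIs, and the host list is constructed sample data.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Hypothetical stand-in for server_rec and the private per-address list. */
typedef struct vhost {
    const char *addr;      /* IP:port the vhost is bound to */
    const char *hostname;  /* ServerName */
    const char *cert;      /* label standing in for the certificate */
    struct vhost *next;
} vhost;
typedef int (*vhost_cb)(void *baton, const vhost *v);

/* Run cb only for vhosts bound to addr; stop when cb returns non-zero. */
static int vhost_iterate_addr(const vhost *list, const char *addr,
                              vhost_cb cb, void *baton)
{
    for (const vhost *v = list; v; v = v->next) {
        if (strcmp(v->addr, addr) == 0) {
            int rv = cb(baton, v);
            if (rv) return rv;
        }
    }
    return 0;
}

typedef struct { const char *sni; const vhost *match, *fallback; } sni_ctx;

static int sni_cb(void *baton, const vhost *v)
{
    sni_ctx *c = baton;
    if (!c->fallback) c->fallback = v;  /* assumption: first vhost is default */
    if (c->sni && strcasecmp(c->sni, v->hostname) == 0) { c->match = v; return 1; }
    return 0;                           /* host names compare case-insensitively */
}

/* Pick the certificate for a handshake on addr; sni may be NULL (no SNI sent). */
const char *select_cert(const vhost *list, const char *addr, const char *sni)
{
    sni_ctx c = { sni, NULL, NULL };
    vhost_iterate_addr(list, addr, sni_cb, &c);
    if (c.match) return c.match->cert;
    return c.fallback ? c.fallback->cert : NULL;
}

/* Constructed sample configuration: two vhosts share 1.2.3.4:443. */
static vhost v3 = { "5.6.7.8:443", "other.example", "cert-other", NULL };
static vhost v2 = { "1.2.3.4:443", "shop.example",  "cert-shop",  &v3 };
static vhost v1 = { "1.2.3.4:443", "www.example",   "cert-www",   &v2 };
int main(void) { return strcmp(select_cert(&v1, "1.2.3.4:443", "shop.example"), "cert-shop") != 0; }
```

A name that is configured only on a different address is never offered to the callback, so a client sending it to 1.2.3.4:443 receives the default certificate rather than one belonging to another listener.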

Re: RFC: Name Based Virtual Host Callback

Posted by Paul Querna <ch...@force-elite.com>.
Paul Querna wrote:
> Paul Querna wrote:
> ....
> 
>>Instead I have tested a simple callback method, that will only run the
>>callback for the matching virtual hosts.  Attached is a prototype patch.
> 
> 
> Attached is an updated patch.
> 
> If no one cares, I will commit it to trunk tonight.

Committed to trunk in r164538.

-Paul

Re: RFC: Name Based Virtual Host Callback

Posted by Paul Querna <ch...@force-elite.com>.
Paul Querna wrote:
....
> Instead I have tested a simple callback method, that will only run the
> callback for the matching virtual hosts.  Attached is a prototype patch.

Attached is an updated patch.

If no one cares, I will commit it to trunk tonight.

This does include a minor MMN bump.

-Paul